package gitbook.config;

import gitbook.auth.MyUserDetailService;
import gitbook.dao.UserRepository;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;


@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

//    @Autowired
//    private DataSource dataSource;

    @Autowired
    private UserRepository userRepository;

    /**
     * 通过重载，配置SpringSecurity的Filter链
     *
     * @param web
     * @throws Exception
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        super.configure(web);
    }

    /**
     * 配置如何通过拦截器保护请求
     *
     * @param http
     * @throws Exception
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
//        http.authorizeRequests()
//                .antMatchers("/user/login").permitAll() //需要相应角色
//                .anyRequest().authenticated()
//                .and().csrf().disable().formLogin()
//                .loginPage("/user/login").permitAll();//自定义登录界面
        http
                .csrf().disable()
                .formLogin().loginPage("/spitter/login")
                .and().logout().logoutSuccessUrl("/").logoutUrl("/spitter/logout")
                .and().rememberMe().tokenValiditySeconds(2419200).key("spitterKey")
                .and().authorizeRequests()
                .antMatchers("/spitter/save").hasRole("ADMIN")
                .antMatchers("/spitter/me").hasAnyRole("USER", "ADMIN")
                .antMatchers("/spitter/sysinfo").hasAnyRole("HELPER")
                .anyRequest().permitAll();
    }

    /**
     * 配置user-detail服务
     * 不重载此方法则没有用户存储支撑认证过程
     * 为了满足登录系统的需求，需要添加3点配置
     * 1.配置用户存储
     * 2.指定哪些请求需要认证，那些不需要认证，以及所需权限
     * 3.提供一个自定义登陆页面，替换原来简单的登录页
     * <p>
     * 4.可能还需要有选择性的在web视图上显示特定内容
     *
     * @param auth
     * @throws Exception
     */
    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        //基于内存的用户存储、认证
//        auth.inMemoryAuthentication()
//                .withUser("admin").password("admin").roles("ADMIN", "USER")
//                .and()
//                .withUser("user").password("user").roles("USER");

//        auth.jdbcAuthentication()
//                .dataSource(dataSource)
//                .usersByUsernameQuery("select username,password,true from user where username=?")
//                .authoritiesByUsernameQuery("select username,'ROLE_USER' from user where username=?");

        auth.userDetailsService(new MyUserDetailService(userRepository));
    }

}
